feat: implement cmpd's PolicyRules #8328
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #8328 +/- ##
==========================================
+ Coverage 61.29% 62.06% +0.76%
==========================================
Files 350 351 +1
Lines 41172 41751 +579
==========================================
+ Hits 25236 25911 +675
+ Misses 13637 13533 -104
- Partials 2299 2307 +8
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: kubeblocks-backup-pod-role |
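Review bot: kubeblocks-backup-pod-role on the metadata.name line is declared as a ClusterRole, so it is cluster-scoped, and nothing in the visible lines says what binds it or why cluster scope is required. If it stays in the chart, add a comment above the manifest naming its consumer and the reason for cluster scope; if nothing references it any more, delete it so no unused cluster-wide role is installed.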
This role is also not needed since the relevant code was removed in #8203
@@ -166,33 +164,9 @@ func kindsForWipeOut() ([]client.ObjectList, []client.ObjectList) { | |||
|
|||
// shouldSkipObjOwnedByComp is used to judge whether the object owned by component should be skipped when deleting the cluster | |||
func shouldSkipObjOwnedByComp(obj client.Object, cluster kbappsv1.Cluster) bool { |
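Review bot: shouldSkipObjOwnedByComp takes cluster kbappsv1.Cluster by value in its signature, which copies the whole Cluster object on every call. Pass *kbappsv1.Cluster instead, or only the fields the check reads. The hunk header shows this region shrinking from 33 lines to 9, so also check that the doc comment still describes what the remaining body decides.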
remove shouldSkipObjOwnedByComp and use isOwnedByComp directly
// If the user has disabled rbac manager or specified comp.Spec.ServiceAccountName, it is now the user's responsibility to | ||
// provide appropriate serviceaccount, roles and rolebindings. | ||
if transCtx.Component.Spec.ServiceAccountName != "" { | ||
return nil |
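Review bot: the early return on transCtx.Component.Spec.ServiceAccountName != "" skips all RBAC handling without checking that the named ServiceAccount exists, so a mistyped name is not reported at this point. Consider looking the ServiceAccount up here and returning an error or setting a condition when it is missing. The comment above also names two cases (rbac manager disabled, or ServiceAccountName specified) while the visible condition tests only the second; point to where the first case is handled, or narrow the comment to match the check.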
if SA does not exist, raise an error?
Fixes #8310. Things done in this PR:
serviceAccountName in cluster and component CR. KB now does not create rbac resources if user has specified a service account.
kb-<clusterName>-<compName>.
TODO: